infra/nix/os/devices/fwhost2/system.nix

{ pkgs, lib, ... }:
let
  passwords = import ../../../variables/passwords.crypt.nix;
in
{
  # TASK: new device
  networking.hostName = "fwhost2"; # Define your hostname.

  networking.useDHCP = false;

  networking.firewall.enable = lib.mkForce false;
  networking.firewall.allowedTCPPorts = [
    # iperf3
    5201
  ];

  networking.firewall.logRefusedConnections = false;
  networking.usePredictableInterfaceNames = false;

  networking.bridges.breth.interfaces = [
    "eth0"
    "eth1"
  ];
  networking.bridges.breth.rstp = true;

  networking.defaultGateway.address = "172.172.171.10";
  networking.nameservers = [ "172.172.171.10" ];

  # WAN interfaces, currently unused because the OPNsense guest acts as a router.
  networking.vlans.wan1.id = 3;
  networking.vlans.wan1.interface = "breth";
  networking.interfaces.wan1.ipv4.addresses = [
    {
      address = "192.168.0.16";
      prefixLength = 24;
    }
  ];

  networking.vlans.wan2.id = 4;
  networking.vlans.wan2.interface = "breth";
  networking.interfaces.wan2.ipv4.addresses = [
    {
      address = "172.16.0.16";
      prefixLength = 12;
    }
  ];

  # Local interfaces, all accessed via VLAN tags on the main bridge
  networking.vlans.lan.id = 1;
  networking.vlans.lan.interface = "breth";
  networking.interfaces.lan.ipv4.addresses = [
    {
      address = "172.172.171.16";
      prefixLength = 24;
    }
  ];

  networking.vlans.dmz.id = 5;
  networking.vlans.dmz.interface = "breth";

  networking.vlans.family.id = 6;
  networking.vlans.family.interface = "breth";

  networking.vlans.guests.id = 7;
  networking.vlans.guests.interface = "breth";

  services.hostapd = {
    enable = false;
    hwMode = "g";
    interface = "wlan0";
    ssid = "noowhere-lan";
    wpaPassphrase = passwords.wifi.noowhere-lan;
    extraConfig = ''
      bridge=breth
    '';
  };

  virtualisation = {
    libvirtd = {
      onShutdown = "shutdown";
      enable = true;
    };
  };

  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`{ pkgs, lib, ... }:`
			`let`
add fwhost1 2022-01-12 04:11:18 +01:00			`passwords = import ../../../variables/passwords.crypt.nix;`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`in`
			`{`
add fwhost2 2022-01-09 21:50:55 +01:00			`# TASK: new device`
			`networking.hostName = "fwhost2"; # Define your hostname.`

			`networking.useDHCP = false;`

			`networking.firewall.enable = lib.mkForce false;`
			`networking.firewall.allowedTCPPorts = [`
			`# iperf3`
			`5201`
			`];`

			`networking.firewall.logRefusedConnections = false;`
			`networking.usePredictableInterfaceNames = false;`

feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`networking.bridges.breth.interfaces = [`
			`"eth0"`
			`"eth1"`
			`];`
use rtsp on the fwhosts 2022-01-13 00:07:23 +01:00			`networking.bridges.breth.rstp = true;`
add fwhost2 2022-01-09 21:50:55 +01:00
			`networking.defaultGateway.address = "172.172.171.10";`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`networking.nameservers = [ "172.172.171.10" ];`
add fwhost2 2022-01-09 21:50:55 +01:00
			`# WAN interfaces, currently unused because the OPNsense guest acts as a router.`
			`networking.vlans.wan1.id = 3;`
add fwhost1 2022-01-12 04:11:18 +01:00			`networking.vlans.wan1.interface = "breth";`
chore: format with alejandra 2023-02-07 18:24:28 +01:00			`networking.interfaces.wan1.ipv4.addresses = [`
			`{`
			`address = "192.168.0.16";`
			`prefixLength = 24;`
			`}`
			`];`
add fwhost2 2022-01-09 21:50:55 +01:00
			`networking.vlans.wan2.id = 4;`
add fwhost1 2022-01-12 04:11:18 +01:00			`networking.vlans.wan2.interface = "breth";`
chore: format with alejandra 2023-02-07 18:24:28 +01:00			`networking.interfaces.wan2.ipv4.addresses = [`
			`{`
			`address = "172.16.0.16";`
			`prefixLength = 12;`
			`}`
			`];`
add fwhost2 2022-01-09 21:50:55 +01:00
add fwhost1 2022-01-12 04:11:18 +01:00			`# Local interfaces, all accessed via VLAN tags on the main bridge`
add fwhost2 2022-01-09 21:50:55 +01:00			`networking.vlans.lan.id = 1;`
add fwhost1 2022-01-12 04:11:18 +01:00			`networking.vlans.lan.interface = "breth";`
chore: format with alejandra 2023-02-07 18:24:28 +01:00			`networking.interfaces.lan.ipv4.addresses = [`
			`{`
			`address = "172.172.171.16";`
			`prefixLength = 24;`
			`}`
			`];`
add fwhost2 2022-01-09 21:50:55 +01:00
			`networking.vlans.dmz.id = 5;`
add fwhost1 2022-01-12 04:11:18 +01:00			`networking.vlans.dmz.interface = "breth";`
add fwhost2 2022-01-09 21:50:55 +01:00
			`networking.vlans.family.id = 6;`
add fwhost1 2022-01-12 04:11:18 +01:00			`networking.vlans.family.interface = "breth";`
add fwhost2 2022-01-09 21:50:55 +01:00
			`networking.vlans.guests.id = 7;`
add fwhost1 2022-01-12 04:11:18 +01:00			`networking.vlans.guests.interface = "breth";`
add fwhost2 2022-01-09 21:50:55 +01:00
			`services.hostapd = {`
add fwhost1 2022-01-12 04:11:18 +01:00			`enable = false;`
add fwhost2 2022-01-09 21:50:55 +01:00			`hwMode = "g";`
add fwhost1 2022-01-12 04:11:18 +01:00			`interface = "wlan0";`
			`ssid = "noowhere-lan";`
			`wpaPassphrase = passwords.wifi.noowhere-lan;`
			`extraConfig = ''`
			`bridge=breth`
			`'';`
add fwhost2 2022-01-09 21:50:55 +01:00			`};`

			`virtualisation = {`
			`libvirtd = {`
			`onShutdown = "shutdown";`
			`enable = true;`
			`};`
			`};`

			`boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;`
			`}`